UK law firms must strengthen their online security to protect clients from international hacking fraud, a former assistant US attorney warned today.
He added that UK and US intelligence services report that China and Russia are both putting more resources into industrial espionage operations and that law firms are an 'active target'.
His warning comes as it emerges that a Russian hacker may have stolen some six million LinkedIn passwords, gaining possible access to credit card details.
Seth Berman, a former assistant US attorney and now the London-based director of digital risk management and investigations firm Stroz Friedberg, said: 'The security and risk landscape is changing rapidly and it's the very nature of law firms that makes them an active target. We're facing an increasingly sophisticated array of adversaries, which makes it more important than ever for law firms to recognise the severity of such threats.'
He said there is growing concern that the increased use of social media networks aimed at professional users, such as LinkedIn, may be exploited by hackers to gather information before they launch increasingly sophisticated phishing attacks.
Nigerian '419 frauds' promising millions of pounds in return for personal and bank account details remain common, Berman said, but 'phishing' emails are becoming increasingly elaborate and are now being used to obtain commercially sensitive information and intellectual property from law firms.
Berman said: 'There is no doubt most law firms recognise their obligations and have taken steps to shield client data. But the sector is unusual in the way it deals with information, which sees personal details of individual partners, associates and lawyers readily available on firms' websites.
'Law firms need to realise that they are being targeted and must tailor policies and training to address this threat.'